[ISN] [Vmyths.com ALERT] Hysteria over ''Sasser'' worm

From: InfoSec News (isn@private)
Date: Thu May 06 2004 - 03:07:55 PDT

  • Next message: InfoSec News: "[ISN] Windows & .NET Magazine Security UPDATE--New Worms Target Unpatched Web Servers--May 5, 2004"

    Forwarded from: Vmyths.com Virus Hysteria Alert <vmyths_news@private>
    
    Vmyths.com Virus Hysteria Alert
    {5 May 2004, 00:20 CT}
    
    -------
    Want to unsubscribe from this mailing list?  No sweat!  You'll find
    easy instructions at the bottom of this email...
    -------
    
    Headlines around the world warn of the spread of multiple variants of
    the "Sasser" worm.  "Sasser's toll likely stands at 500,000
    infections," a typical headline reads.  Vmyths notes security experts
    have tended to make guesses in the same ballpark -- ranging from
    200,000 to one million infected computers.
    
    News stories at first identified those who made guesstimates, but the
    current batch of stories no longer directly cites sources for these
    figures.  "500,000 to one million infected PCs" is now widely accepted
    by the media as if it were a fact rather than a conjecture.
    
    A News.com story penned by Rob Lemos pointed out that "while [these]
    numbers sound overwhelming, the compromised PCs make up a fraction of
    a percent of the computers connected to the Internet."  Vmyths agrees
    with Lemos' assessment.
    
    Security experts FAILED to predict the Sasser worm would focus more on
    home computers than business PCs.  The reasons for it are obvious in
    hindsight to these experts, so Vmyths must ask a rhetorical question
    -- "why didn't security experts predict the obvious?"  And speaking of
    predictions...
    
    Security experts didn't agree on what day they thought the Sasser worm
    would achieve "peak activity."  American experts predicted it would
    peak on Monday "as millions of workers bring their laptops back to
    their offices, after using them over the weekend to access the
    Internet from relatively unsecured home locations."  On the other
    hand, experts who live outside the U.S. predicted Sasser would peak on
    Tuesday due to long holiday weekends in some parts of the world.
    
    (Conflicting accounts of the worm's spread make it difficult to gauge
    the accuracy of these predictions.)
    
    Panicky firms have damaged themselves over the years in a trend known
    as "precautionary disconnects."  (See
    http://Vmyths.com/rant.cfm?id=241&page=4 for details.)  In the latest
    example, an AFP newswire revealed "Sampo, Finland's third largest
    bank, closed its 130 branch offices across the country to prevent the
    Sasser Internet worm from infecting its systems...  'We decided to
    close our offices as a precaution, since we knew that our virus
    protection hadn't been updated,' Sampo spokesman Hannu Vuola [said]."  
    In other words, Finland's third-largest bank voluntarily made itself
    Finland's SMALLEST bank -- because they didn't trust their "antivirus
    solution" to protect them in a time of crisis.
    
    Contrary to widespread reports, Australia's "RailCorp" railway system
    may NOT have been hampered by the Sasser worm.  CEO Vince Graham was
    quoted as saying their most recent woes "could very well be a matter
    related to a virus getting into [RailCorp's] system."  Graham did NOT
    confirm anything, and this is an important distinction.  Vmyths
    readers may recall security experts incorrectly blamed a computer worm
    for the U.S. electrical blackout of 2003.
    
    Vmyths has observed new buzz phrases in the media's coverage of the
    Sasser worm.  For example, did you know there is now a "network
    telescope" which can peer into "the dark matter of the Internet"?  
    See http://news.com.com/2100-7349_3-5205107.html for details.
    
    Normally, Vmyths would expect to see "global damage estimates" for the
    Sasser worm, courtesy of a company known as mi2g.  (See
    http://Vmyths.com/resource.cfm?id=64&page=1 for details on this firm's
    antics.)  However, mi2g has remained oddly silent since mid-April.  
    Still, Vmyths will watch for mi2g to add Sasser's costs to their
    astronomical tally for virus damages.
    
    Stay calm.  Stay reasoned.  And stay tuned to Vmyths.
    
    Rob Rosenberger, editor
    http://Vmyths.com
    (319) 646-2800
    
    --------------- Useful links ------------------
    
    Remember this when virus hysteria strikes
    http://Vmyths.com/resource.cfm?id=31&page=1
    
    Common clichés in the antivirus world
    http://Vmyths.com/resource.cfm?id=22&page=1
    
    False Authority Syndrome
    http://Vmyths.com/fas/fas1.cfm
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Thu May 06 2004 - 03:58:25 PDT